Passive security enforcement

ABSTRACT

Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user&#39;s interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No.15/472,962, filed Mar. 29, 2017, which is a continuation of U.S.application Ser. No. 14/497,122, filed Sep. 25, 2014, and issued as U.S.Pat. No. 9,641,502, which is a continuation of U.S. application Ser. No.14/088,202, filed Nov. 22, 2013, and issued as U.S. Pat. No. 8,898,758,which is a continuation of U.S. application Ser. No. 12/359,220, filedJan. 23, 2009, and issued as U.S. Pat. No. 8,590,021, which are herebyincorporated by reference in their entirety. In cases in which adocument incorporated by reference herein is inconsistent with contentsof this application, the contents of this application control.

BACKGROUND

Many computing systems provide various features to enforce security.Enforcing security includes evaluating and enforcing authentication andauthorization. Computing devices employ authentication to securelyidentify users. A computing device generally employs an authenticationcomponent to determine who a user is and whether the user is really whothey claim to be. A concept related to authentication is authorization.Computing systems employ authorization to determine the level of accessfor the authenticated user. For example, a computing system may evaluateauthorization rules to determine what features or resources anauthenticated user should be provided access to (e.g., to access, add,create, delete, modify, etc.) Once a computing system authenticates auser, the computing system may provide various features to the userbased on that user's authorization. The computing system can employ anauthorization component to determine the appropriate level ofauthorization, such as by enforcing authorization rules.

Computing systems conventionally enforce security actively. Activeauthentication generally includes receiving authentication informationdirectly from a user who is to be authenticated. As examples, users mayprovide login credentials (e.g., user id and/or password), place a cardkey or other device proximate to a user, or take some other active stepto identify and/or authenticate themselves. Thus, active authenticationgenerally involves verifying a “secret” that is shared between the userand the computing system or validating a user's response to a challenge.Active authorization includes enforcing rules based on theauthentication.

However, authentication can sometimes get in the way of authorizationwhen some features or transactions provided by a computing systemrequire a different “level” of authentication than other features. As anexample, when the computing system is a mobile telephone, a user mayrequire a first level of authentication to place local phone calls and asecond, different level of authentication to place long distance phonecalls or conduct an electronic commerce transaction. As another example,the user may need a third level of authentication to browse publicInternet websites but a fourth, different level of authentication tosend or receive electronic mail.

Although features provided by a computing system can be divided intodifferent categories, such divisions are ineffective when, e.g., theuser is not yet authenticated, authenticating a user actively isunnecessary, or a feature requires a different level of authorizationthan the level that can be provided to the authenticated user.

SUMMARY

Technology is described for enabling passive security enforcement atcomputing systems (“the technology”). A component of a computing systemcan passively authenticate or authorize a user based on observations ofthe user's interactions with the computing system. The observations caninclude, e.g., physical observations of the user's interactions,behavioral observations of the user's usage of the computing system,etc. The technology may increase or decrease an authentication level orauthorization level based on the observations. The level can indicatewhat level of access the user should be granted. When the user or acomponent of the computing device initiates a request, an application orservice can determine whether the level is sufficient to satisfy therequest. If the level is insufficient, the application or service canprompt the user for credentials so that the user is activelyauthenticated. The level may change over time, such as based on observedactions of the user.

The technology may enable computing systems to “trust” authentication sothat two proximate devices can share authentication levels. When thecomputing device is placed near another computing device that has alsoauthenticated the user, the authentication levels for the user at one orboth devices may increase.

In various embodiments, physical observation can include proximity ofother devices so that, for example, a mobile computing system mayprovide a higher authentication level if the user is carrying anotherdevice, such as a car ignition key embedded with embedded electronics(also know as a “key fob”). When the previously recognized key fob is nolonger proximate to the computing system, the computing system maydecrease the authentication level it passively provided.

This Summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This Summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used as an aid in determining the scope of the claimed subjectmatter.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating components employed by thetechnology in various embodiments.

FIG. 2 is a flow diagram illustrating a routine performed by a serviceupon receiving a request from a client to complete a transaction.

FIG. 3 is a flow diagram illustrating a routine performed by a computingsystem to observe confidence factors.

FIG. 4 is a flow diagram illustrating a routine performed by a computingsystem to compute a confidence level.

FIG. 5 is a flow diagram illustrating a routine performed by a computingsystem to provide a confidence level.

FIG. 6 is a flow diagram illustrating a routine performed by a computingsystem to provide confidence factors.

FIGS. 7A and 7B are flow diagrams illustrating a routine performed by acomputing system to check selected confidence factors.

FIG. 8 is a block diagram illustrating components employed by thetechnology in various embodiments.

DETAILED DESCRIPTION

Technology is described for enabling passive security enforcement atcomputing systems, e.g., mobile computing devices (“the technology”). Acomponent of a computing system can passively authenticate or authorizea user based on observations of the user's interactions with thecomputing system. The observations can include, e.g., physicalobservations of the user's interactions, behavioral observations of theuser's usage of the computing system, etc. As examples, physicalobservations can include, e.g., observations of heat or temperaturesensors, pressure/touch sensors, motion sensors/accelerometers,proximity of other devices, and so forth. Behavioral observations caninclude, e.g., observations of whether the user is telephoning people ina previously stored contacts list, is located in an area where the userhas been previously observed to be located, and so forth. If the user'sphysical and/or behavioral observations are consistent with priorpatterns, the user may be passively authenticated at an observedauthentication “level.” If several observations are consistent withprior patterns, the level may increase. On the other hand, if only fewobservations are consistent with prior patterns or some observations areinconsistent with prior patterns, the level may decrease. The technologymay make observations by using various hardware and software componentsto detect changes to various inputs that are made to the computingsystem.

When the user accesses a feature or requests a transaction, anassociated application or service may determine from the computingsystem (e.g., by accessing an application program interface (“API”)provided by an operating system executing on the computing system) whatlevel of authentication the technology has passively observed. If theauthentication level is sufficiently high (e.g., exceeds a specifiedthreshold level), the application or service may complete the request.As an example, when the user places a local telephone call to atelephone number that is not in the contacts list, the computing systemmay initiate the call. As another example, when the user browses apublic website, the computing system may cause the web browser to placethe request to a web server.

These authorizations may occur because the user, system administrator,application, or other entity determined that these features/transactionsmay be performed at the present authentication level. As an example, alocal phone call may be “free” but a long distance phone call may causethe user to incur a fee. As another example, browsing a public websitemay be “free” and of acceptable risk, but checking a bank balance orpurchasing an item online may involve unacceptable risk at the presentauthentication level.

If the authentication is not sufficiently high for the requested featureor transaction, the application or service may either return an error orrequire active authentication. To actively authenticate a user, theoperating system may require the user to provide the user'sauthentication credentials. As an example, when the user places a longdistance telephone call, the computing system may not place thetelephone call and instead may prompt the user for the user's logincredentials. After verifying the login credentials actively, thecomputing system may place the call. As another example, when the userrequests a financial transaction to a service using the browser, theservice may require a high authentication level. Upon determining thatthe present authentication level is lower than a threshold the servicespecifies, the computing system may prompt the user for the user's logincredentials. After verifying the login credentials the user provides,the computing system may inform the service that the user'sauthentication level is sufficiently high to complete the transaction.Alternatively, the service may determine based on the providedcredentials that the requested transaction can be completed. In variousembodiments, the API may indicate the authentication level to aninquiring service, merely inform the service that the user'sauthentication level exceeds a specified threshold or not, or eventransmit credentials to the service. As an example, upon receiving arequest to complete a transaction, the service may first send a requestto the user's computing system indicating that the service requires aspecified authentication level. If the user's computing systemdetermines that the user's present authentication system is too low, itmay either prompt the user to enter one or more credentials or informthe service that the authentication level is too low. In the lattercase, the service may prompt the user to provide credentials so that theservice can authorize the user.

The computing system may also passively authorize users, such as byemploying techniques similar to those described above for passiveauthentication. As an example, after the user has been passivelyauthenticated, the user may request a transaction that requires astronger level of authentication. An authorization component may havepassively determined that the user is or is not authorized to requestthe transaction. If the user is not authorized to request thetransaction, the transaction will not be completed. In variousembodiments, the computing device may cancel the request or providerelevant information so that a service or application that satisfies therequest can determine whether or not the transaction should becompleted.

Authentication and authorization may be for different time periods. Asan example, the computing system may authenticate a user for a given“session” (e.g., during a period of time) but may authorize eachtransaction separately.

In various embodiments, the technology may enable computing systems to“trust” authentication. As an example, the computing systems may employnear-field communications technology to communicate authenticationinformation with each other. If the user has a higher level ofauthentication on either computing system, both computing systems mayrecognize the higher authentication level. As an example, when a user ofa mobile phone has been passively authenticated but has not beenauthenticated on a “surface” computing system and places the mobilephone on the surface computing system, the surface computing system mayautomatically authenticate the user so that, e.g., the user's photos onthe phone can be displayed on the surface computing system.Alternatively, if the user has already authenticated actively on onecomputing system, another proximate computing system may enable the userto perform activities that it previously would not have authorizedwithout first prompting the user for active authentication information.

The authentication level may change over time. As an example, if theuser begins telephoning users not in the user's contacts list, theauthentication level may decrease. If the authentication level decreaseslower than a specified threshold, the user may no longer be able to maketelephone calls until the user is prompted for authenticationcredentials and is (actively) authenticated.

In various embodiments, physical observation can include proximity ofother devices. As an example, a mobile computing system may provide ahigher authentication level if the user is carrying another device, suchas a key fob. When the previously recognized key fob is no longerproximate to the computing system, the computing system may decrease theauthentication level it passively provided.

In various embodiments, the technology can employ geographic positioninformation (e.g., based on radio triangulation, satellite globalpositioning system information, etc.) to determine that the user shouldbe actively authenticated or authorized. For example, this may occurwhen the position information indicates that the user is outside areasthat the user normally visits.

In various embodiments, the technology may not initially offer passiveauthentication or authorization because it has not yet observed andstored attributes of actions. As an example, when a user first purchasesa mobile computing device, the mobile computing device may only offeractive authentication and authorization. In such a case, the user mayneed to actively authenticate before accessing a feature or requesting atransaction. Over time, as the technology observes and stores usagepatterns (e.g., after one or more instances of a user using the device),the technology may enable passive authentication and/or passiveauthorization.

In various embodiments, the technology may store default values and thenupdate the default values based on observation. In these embodiments, alimited set of features or transactions may be available to the userimmediately and more features or transactions may become available(e.g., “unlocked”) as the technology “learns” to passively authenticatethe user, such as by detecting and storing attributes of actions.

In various embodiments, the technology may enable users to configurewhether/when to enable passive and/or activeauthentication/authorization. As examples, a user may specify whattransactions or features should be enabled with passive authentication.

As previously indicated, the technology may make observations by usingvarious hardware and software components to detect changes to variousinputs that are made to the computing system. Thus, detection andobservation are intended to be synonymous.

Several embodiments of the facility are described in more detail inreference to the Figures. The computing devices on which the describedtechnology may be implemented may include one or more central processingunits, memory, input devices (e.g., keyboard and pointing devices),output devices (e.g., display devices), storage devices (e.g., diskdrives), and network devices (e.g., network interfaces). The memory andstorage devices are computer-readable media that may store instructionsthat implement the technology. In addition, the data structures andmessage structures may be stored or transmitted via a data transmissionmedium, such as a signal on a communications link. Variouscommunications links may be used, such as the Internet, a local areanetwork, a wide area network, or a point-to-point dial-up connection.

FIG. 1 is a block diagram illustrating components employed by thetechnology in various embodiments. The environment 100 in which thetechnology operates can include one or more servers 102 a through 102 n,a network 104 (e.g., an intranet or the Internet), and one or morecomputing devices, such as mobile computing devices 106 a through 106 m.Other varieties of computing devices can also be employed. The mobilecomputing devices may be handheld devices, such as mobile telephones.The mobile computing devices may wirelessly communicate with otherdevices, such as to communicate voice, video, or other information, viaan antenna 108. The antenna 108 can exchange radiofrequency or othersignals with a corresponding antenna (not shown) associated with themobile computing devices.

FIG. 2 is a flow diagram illustrating a routine performed by a serviceupon receiving a request from a client to complete a transaction. Theroutine 200 begins at block 202. At block 204, the routine receives atransaction request, such as from a mobile computing device. Thetransaction request may be generated by the mobile computing device whenthe user or some other entity initiates a transaction. In variousembodiments, the transaction may be completely performed at the mobilecomputing device or may require exchange information with a service. Asan example, the routine may be invoked by the mobile computing devicewhen the mobile computing device receives a request to execute anapplication. As another example, the routine may be invoked by a servicewhen it receives a request to complete a financial transaction. At block206, the routine determines a confidence level that may be required tocomplete the transaction. At block 208, the routine transmits a requestfor the identified confidence level to the component that transmittedthe transaction request. A confidence level may be a threshold level ofconfidence that is required for the transaction to be automaticallyauthorized without requiring the user to be actively authenticated.Alternatively, the routine may transmit indications of one or moreconfidence factors to the component that transmitted the transactionrequest. Confidence factors may be specific factors that are acceptable,such as fingerprints, iris scans, signatures, etc. At block 209, theroutine receives from the component that transmitted the transactionrequest a response providing an indication of the confidence level orconfidence factors that have been verified. At decision block 210, theroutine determines whether the received confidence level or factors areacceptable (e.g., exceed a specified threshold). If the confidence levelor factors are acceptable, the routine continues at block 212.Otherwise, the routine continues at block 214. At block 212, the routinecompletes the transaction. The routine then returns at block 216. Atblock 214, the routine denies the transaction and may return an error tothe component that transmitted the transaction request. The routine thenreturns at block 216.

Those skilled in the art will appreciate that the logic illustrated inFIG. 2 and described above, and in each of the flow diagrams discussedbelow, may be altered in a variety of ways. For example, the order ofthe logic may be rearranged, substeps may be performed in parallel,illustrated logic may be omitted, other logic may be included, etc.Moreover, some or all of the logic or substeps may be performed by oneor more devices other than a specified device. For example, substeps mayoccur on a mobile computing device, client computing device, servercomputing device, etc.

FIG. 3 is a flow diagram illustrating a routine performed by a computingsystem to observe confidence factors. The routine 300 begins at block302. At block 304, the routine receives an event for a confidencefactor. As examples, the routine may receive events indicating that theuser has picked up a mobile phone, the user has rotated the mobilephone, the present temperature at various points on the mobile phone,the user's usage patterns on the computing device, etc. At block 306,the routine observes the confidence factor. As an example, the routinemay observe values at various sensors, accelerometers, keyboard, stylus,or other input devices. At block 308, the routine stores the searchconfidence factors, such as in a data structure stored in memory. Atblock 310, the routine returns.

FIG. 4 is a flow diagram illustrating a routine performed by a computingsystem to compute a confidence level. The routine 400 may be invoked tocompute a confidence level, such as when prompted by a service or anapplication. The routine begins at block 402. At block 404, the routinesets a confidence level to an initial level, such as a default level. Inthe loop of blocks 406-412, the routine modifies the confidence levelbased on each confidence factor. At block 406, the routine selects aconfidence factor, such as from a list of observed confidence factors.At block 408, the routine checks the selected confidence factor, such asby invoking a subroutine and providing the selected confidence factor tothe subroutine. A subroutine for checking the selected confidence factoris described in further detail below in relation to FIG. 7. At block410, the routine modifies the confidence level based on a value returnedby the subroutine for checking the selected confidence factor. As anexample, routine may increase the confidence level if the factor isindicated to be geographical location or name of a network to which thecomputing device has connected. The routine selects another confidencefactor at block 412. At block 414, the routine returns.

FIG. 5 is a flow diagram illustrating a routine performed by a computingsystem to provide a confidence level. The routine 500 may be invoked toprovide a confidence level. The routine begins at block 502. At block504, the routine receives a request for a confidence level. At block506, the routine computes or retrieves a confidence level, such as byinvoking the subroutine. As an example, the routine may invoke theroutine described above in relation to FIG. 4 or may invoke the routinedescribed below in relation to FIG. 6. At block 508, the routine returnsthe computed or retrieved confidence level.

FIG. 6 is a flow diagram illustrating a routine performed by a computingsystem to provide confidence factors. The routine 600 may be invoked toprovide a list of confidence factors and associated observations. Theroutine begins at block 602. At block 604, the routine receives arequest for confidence factors. At block 606, the routine retrieves theconfidence factors. In various embodiments, the routine may receive alist of the confidence factors that it is to retrieve and provide. Invarious embodiments, the routine may provide the complete list ofconfidence factors. At block 608, the routine provides the confidencefactors. At block 610, the routine returns.

FIGS. 7A and 7B are flow diagrams illustrating a routine performed by acomputing system to check selected confidence factors. The routine maycompare attributes of a presently observed action with previously storedattributes of a similar action. Attributes can include inputs observedfrom components that provide input to the computing system, e.g.,accelerometer inputs, touch/pressure sensor inputs, temperature inputs,global positioning system (GPS) inputs, etc. Presently observedattributes can be substantially equivalent to previously storedattributes when the differences are negligible. As an example, there maybe temperature variations between fingers, but overall the fingersexhibit similar temperatures to those measured previously. The inputsmay be considered as a group (e.g., temperatures for all fingers) orindividually (e.g., temperatures for each finger).

The routine 700 begins at block 702. FIG. 7A indicates connectors A. andB. These connectors connect the flow of the routine to connectors A. andB., respectively, illustrated in FIG. 7B. At block 704, the routinereceives an indication of a confidence factor.

At decision block 706, the routine determines whether the indicatedconfidence factor is a phone number and the phone number is listed in alist of phone numbers, such as in a list of contacts or telephonenumbers previously entered regularly or several times. If so, theroutine continues at block 722. Otherwise, the routine continues atdecision block 708.

At decision block 708, the routine determines whether the indicatedconfidence factor is heat (or temperature) and the observed heat that ispresently applied by the user is comparable to historically observedheat applied by the user. The heat may be observed by checking heatsensors that may be attached to the computing device. As an example, amobile phone may have one or more heat sensors that each measure heatapplied by a user's hand. If the observed heat is comparable tohistorically observed heat, the routine continues at block 722.Otherwise, the routine continues at decision block 710.

At decision block 710, the routine determines whether the indicatedconfidence factor is physical use and one or more accelerometersassociated with the computing device provide inputs that are comparableto historical physical use indicated by the accelerometers. Theaccelerometers may measure how the user interacts with the computingdevice, such as when picking it up, putting it down, and so forth. Ifthe observed use is consistent with historically observed use, theroutine continues at block 722. Otherwise, the routine continues atdecision block 712.

At decision block 712, the routine determines whether the indicatedconfidence factor is touch and touch inputs are presently providinginformation that are comparable to historically observed informationfrom the touch inputs. The touch inputs may be received from touchsensitive sensors associated with the computing device. If the observedtext inputs are consistent with historically observed touch inputs, theroutine continues at block 722. Otherwise, the routine continues atdecision block 714 (illustrated in FIG. 7B).

Turning now to FIG. 7B, at decision block 714, the routine determineswhether the indicated confidence factor is location and a GPS signalindicates that the computing system is presently located in an area inwhich the user has previously operated the computing system. As anexample, when the computing system is in an area in which the user hasnever previously used the computing system, the confidence level may below that the previously known user is presently using the computingsystem. If the location is in an area in which the user has previouslyused a computing system, the routine continues at block 722. Otherwise,the routine continues at decision block 716. Other location-relatedinputs can also (or instead) be applied, such as by identifyingavailable wireless local area networks or devices connected thereto,recognizing the surroundings using a camera, etc.

At decision block 716, the routine determines whether the indicatedconfidence factor is co-presence and another device is proximate to thecomputing system. As an example, when a user has a mobile device in onepocket and car keys (previously registered with the mobile device) inanother pocket, it is likely that the user is the known owner of themobile device. The car keys may have an embedded component, such as aradiofrequency identification chip, that enables the mobile device toidentify the car keys (or any other co-present device that isregistered). If the registered co-present device is proximate, theroutine continues at block 722. Otherwise, the routine continues atdecision block 718.

At decision block 718, the routine determines whether the identifiedconfidence factor is vision and the image comparison is acceptable. Asan example, the routine may determine whether the user's face isrecognizable, the surroundings are recognizable, etc. The computingsystem may employ an attached camera to make this visual observation. Ifthe image comparison is acceptable, the routine continues at block 722.Otherwise, the routine continues at block 720.

At block 720, the routine decreases the confidence level because none ofthe indicated confidence factors was acceptable. The routine thenreturns the confidence level at block 726.

At block 722, the routine sets a weight based on the factor that wasacceptable. At block 724, the routine increases the confidence level. Insome embodiments, the routine may employ weights for each of theconfidence factors (and not just one) and compute an overall weightedconfidence level. The routine then returns the computer confidence levelat block 726.

Historical information employed by the routine may be stored in thecomputing device or elsewhere. If stored elsewhere, the computing devicemay access the historical information via a network connection.

FIG. 8 is a block diagram illustrating components employed by thetechnology in various embodiments. A computing system 802, such as amobile computing device, may include a processor 804, a memory 806, anoperating system 808, and one or more applications 810. An applicationmay require authentication of the user or send a request to a servicevia a network connection (not illustrated) that requires authenticationof the user.

The computing system may also include touch/pressure sensors 812, heatsensors 814, accelerometers 816, cameras 818, fingerprint readers 820,and writing analyzers 822. The touch/pressure sensors may determinetouch or pressure points around the body of the computing system. Theheat sensors may sends heat at one or more points around the body of thecomputing system. The accelerometers may determine how the computingsystem is picked up, moved, etc., by the user. An accelerometer can bean electromechanical device that measures acceleration forces, e.g.,static forces or dynamic forces. The cameras may observe the user'sface, the surroundings, etc. The fingerprint readers may read the user'sfingerprints. The writing analyzers may analyze how the user writes,such as by using a stylus. The computing system may also includecomparators 824. Comparators may be configured to compare presentlyobservable attributes (e.g., heat, pressure, motion, etc.) to previouslystored attributes. Although the components are described in plural,computing systems may use one of each type of component, or just some ofthe components.

Various embodiments of the technology are now described. The embodimentsmay be operated independently or may be combined.

The technology can include a method performed by a computing system forpassively authenticating a user, comprising: observing an attribute ofan action; comparing the observed attribute of the action to apreviously stored attribute of a similar action; determining whether theobserved attribute is substantially equivalent to the previously storedattribute of the similar action; and if the observed attribute issubstantially equivalent to the previously stored attribute of thesimilar action, passively authenticating the user without requiring theuser to actively authenticate. The action can be moving the computingsystem to a location that is identifiable by the computing device. Theobserving can include capturing an image of surroundings using a camera.The observing can include receiving GPS location information. Theobserving can include identifying a wireless local area networkconnection. The action can be making a telephone call. The attributewhen making a telephone call can be a telephone number to which thetelephone call is made and the previously stored attribute can be atelephone number stored in a list of contacts. The action can bedetecting temperature. The action can be detecting motion. The actioncan be detecting pressure. The action can be detecting co-presence ofanother device. The action can be recognizing a face. The method caninclude setting a confidence level based on two or more comparisons ofattributes of actions and passively authenticating the user when theconfidence level exceeds a specified threshold confidence level.

The technology can include a computer-readable medium storingcomputer-executable instructions that, when executed, perform a methodof passively authenticating a user. The method can comprise: setting aconfidence level to a default value; identifying a set of confidencefactors; for each identified confidence factor, computing a confidenceand modifying the confidence level based on the computed confidence; andif the modified confidence level exceeds a specified threshold,passively authenticating the user without requiring the user to activelyauthenticate. The method can include setting a weight for eachidentified confidence factor. The modifying can be based on the weight.The method can include increasing the confidence level upon receiving asignal from a proximate computing device that has also authenticated theuser.

The technology can include a system for passively authenticating a user,comprising: an application that initiates a request; and a comparatorcomponent that is configured to compare an observed input to apreviously stored input without prompting the user to provide theobserved input and, if the comparison is substantially equivalent,passively authenticates the user so that the initiated request can besatisfied. The system can include a server component that satisfies therequest. The application may satisfy the request if the user ispassively authenticated; and if the user could not be passivelyauthenticated, can prompt the user for authentication credentials sothat the user can be actively authenticated.

Many authentication schemes are “active” in that they require the userto provide a secret shared with the computing system, such as apassword. However, active authentication gets in the way of completingsimple tasks on mobile computing systems, such as making a local callusing a “smart” phone that is locked to comply with corporate securitypolicies. The technology can employ passive authentication toauthenticate a user based on the user's observed behavior. The user'sauthentication level can increase or decrease over time based on theuser's observed actions, and applications/services can determine whetheror not to satisfy a request or complete a transaction based on thepresent authentication level.

Confidence level and authentication level can be synonymous in variousembodiments. Although embodiments relating to passive authentication aredescribed, the embodiments may also apply equally to passiveauthorization.

Although the subject matter has been described in language specific tostructural features and/or methodological acts, it is to be understoodthat the subject matter defined in the appended claims is notnecessarily limited to the specific features or acts described above.Rather, the specific features and acts described above are disclosed asexample forms of implementing the claims. Accordingly, the invention isnot limited except as by the appended claims.

1. A method for passive authentication by a computing system, the methodcomprising: receiving, by the computing system, a first attribute;passively authenticating, by the computing system, a user at a firstauthentication level based on comparing the first attribute to one ormore first previously stored attributes; receiving, by the computingsystem, a second attribute; and passively updating, by the computingsystem, the first authentication level to a second authentication leveldifferent from the first authentication level based on comparing thesecond attribute to one or more second previously stored attributes,wherein the first and second attributes each comprise an eventindicative of the user or a physical characteristic of the user, andwherein each previously stored attribute comprises a previously storedevent, a previously stored physical characteristic, or one or morepreviously determined acceptable values for one or more users.
 2. Asystem for passive authentication, the system comprising: one or morecomputer-readable media having instructions stored thereon; and one ormore hardware processors coupled to the one or more computer-readablemedia, and configured to read instructions from the one or morecomputer-readable media to cause the system to perform operationscomprising: receiving, by the system, a first attribute having a firstweight; receiving, by the system, a second attribute having a secondweight, wherein the first and second attributes each comprise an eventindicative of the user or a physical characteristic of the user;computing an overall weighted confidence level based upon the firstattribute having the first weight and the second attribute having thesecond weight; comparing the overall confidence level to a confidencelevel based upon previously stored attributes corresponding to the firstattribute and the second attribute, wherein each previously storedattribute comprises a previously stored event, a previously storedphysical characteristic, or one or more previously determined acceptablevalues for one or more users; and passively authenticating, by thesystem, a user at an authentication level based on the comparison of theoverall confidence level to the confidence level based upon the one ormore previously stored attributes.
 3. A method for passiveauthentication by a computing system, the method comprising: receiving,by the computing system, a first attribute having a first weight;receiving, by the computing system, a second attribute having a secondweight, wherein the first and second attributes each comprise an eventindicative of the user or a physical characteristic of the user;comparing the received first and second attributes to respectivepreviously stored attributes corresponding to the first attribute andthe second attribute, wherein each previously stored attribute comprisesa previously stored event, a previously stored physical characteristic,or one or more previously determined acceptable values for one or moreusers; computing an overall weighted confidence level based upon one ormore of the comparison of the received first and second attributes tothe respective previously stored attributes, the first weight of thefirst attribute, and the second weight of the second attribute; andpassively authenticating, by the computing system, a user at anauthentication level based on a comparison of the overall confidencelevel to a threshold confidence level.
 4. A computer-readable storagedevice store computer-executable instructions that, when executed,perform a method of passively authenticating a user, the methodcomprising: receiving, by the storage device, a first attribute having afirst weight; receiving, by the storage device, a second attributehaving a second weight, wherein the first attribute and second attributeeach comprise an event indicative of the user or a physicalcharacteristic of the user; computing an overall weighted confidencelevel based upon the first attribute having the first weight and thesecond attribute having the second weight; comparing the overallconfidence level to a confidence level based upon previously storedattributes corresponding to the first attribute and the secondattribute, wherein each previously stored attribute comprises apreviously stored event, a previously stored physical characteristic, orone or more previously determined acceptable values for one or moreusers; and passively authenticating, by the storage device, a user at anauthentication level based on the comparison of the overall confidencelevel to the confidence level based upon the one or more previouslystored attributes.